DreamHost Resets All FTP/Shell/VPS Account Passwords

Knowing that a lot of people use DreamHost for their WordPress powered websites, it’s a bit unsettling to see that suspicious activity was detected within one of their databases and thus, passwords have been reset across FTP/Shell and VPS customer accounts. If you use DreamHost and have not been able to log-in recently, this may explain why.

Like this:

Related

5 Comments

I am a huge DreamHost fan, and am not abandoning ship as of yet, but this situation aggravated me. I understand why they had to do it and wasn’t really upset over having to reset my passwords (I was due anyway), but to sync my new password for one site took more than 2+ hours when I did it over the weekend. I was very upset as I was trying to work on a new site I was building and I felt that the long delay was unnecessary.

I suppose DreamHost *could* have remained silent about this intrusion, and just let us, the customers taker the heat when the intruders took over our websites & our lives. And while nobody is happy that there was a break-in, I think that they dealt with the best way they could. They’ve certainly been forthcoming and transparent about the whole affair, which garners them some credit in my book. DH has treated me well for several years now, so I’m willing to cut them some slack when they took the hard way to protect me & my sites. I’m sure forcing a ftp password rest was not an easy decision, knowing the hue & cry it would cause, but it was the right thing to do.

And yes, it totally affected me, I host 30 or 40 some domains under my DH acct. So I had a lot of passwords to reset, and a lot of people to inform. But still, it could have happened at any webhost, not matter how expensive or unfriendly.

I’m using DH myself and was unhappy for a couple of reasons. Yes, I’m happy they were open about the intrusion right away but I was unhappy about all the passwords I had to change. I saw the post on the backend of DH the day it happened and quickly changed all my passwords for all sites I’m hosting. The next day I saw the email they sent out to customers and the story being covered by some of the major news sites across the web. After the story broke and the email was sent out I went back to a few of my sites with the new reset password and they didn’t work. It seems like they forced a reset of passwords twice as I had reset them all when I first got word but those reset pass’s didn’t work a day later… I’m not sure if it was just my account or not but having to reset that many passwords twice was a hassle. Also they noted in the email that they recommend resetting the passwords on all email accounts as well. That’s a ton of passwords to reset and a lot of communication time with my clients to reset their phones, desktop applications, and web based access. Ouch!